Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/KUm5hsnEempV0p7mctpRoNIW6_g.roa
File:                     KUm5hsnEempV0p7mctpRoNIW6_g.roa (raw, json)
Hash identifier:          g9859SuGt5PdNv1kx52cTOzYSH2UCs3RIKZ75YNAEPk=
Subject key identifier:   29:49:B9:86:C9:C4:7A:6A:55:D2:9E:E6:72:DA:51:A0:D2:16:EB:F8
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       018CC802D9326E29C245E8BA69556D27E50F
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/KUm5hsnEempV0p7mctpRoNIW6_g.roa
Signing time:             Tue 02 Jan 2024 02:31:19 +0000
ROA not before:           Tue 02 Jan 2024 02:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2865
IP address blocks:        194.132.150.0/24 maxlen: 24
                          192.36.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:d9:32:6e:29:c2:45:e8:ba:69:55:6d:27:e5:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 02:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2949b986c9c47a6a55d29ee672da51a0d216ebf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c9:47:20:40:75:fd:ad:31:56:e0:4b:3e:4c:
                    4d:e9:5f:fb:a8:ec:d5:f8:47:a5:ef:f1:c8:45:aa:
                    96:67:fc:d2:8f:bb:93:6a:79:d5:2b:d2:6c:85:6d:
                    38:0b:95:ae:85:f4:06:e5:b6:bf:5c:49:b1:3c:23:
                    d7:c6:46:2c:db:3e:36:32:be:ba:43:2b:42:56:be:
                    ce:74:5f:83:d7:13:48:f6:05:0c:b7:46:5b:cd:e2:
                    8f:78:63:12:8b:6f:b5:3c:82:89:34:24:50:9f:33:
                    3b:6f:b4:08:88:b9:d8:8f:6d:d4:23:f0:1c:5f:e3:
                    62:05:05:69:6f:70:ed:cd:b0:78:68:91:4d:f9:b0:
                    86:79:46:65:34:5c:f4:e2:0b:94:05:1f:a5:8c:59:
                    d0:13:f8:c5:5c:80:89:e7:89:dd:6e:fe:02:a7:68:
                    72:07:b1:02:57:4b:61:4c:3e:6d:e8:ab:46:7b:de:
                    b6:00:ce:6d:7b:ce:9c:3c:c0:3e:f4:a9:30:92:fd:
                    32:1b:2d:8a:0b:fa:37:95:ae:32:a6:20:34:9a:11:
                    96:c6:96:8b:ae:46:0c:2e:2f:5a:56:12:90:9a:bf:
                    34:51:20:1e:88:4b:fc:eb:15:dc:cc:9a:62:0b:25:
                    78:d2:cc:00:9a:c2:67:7e:88:f5:54:ac:62:ef:cf:
                    85:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:49:B9:86:C9:C4:7A:6A:55:D2:9E:E6:72:DA:51:A0:D2:16:EB:F8
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/KUm5hsnEempV0p7mctpRoNIW6_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.36.49.0/24
                  194.132.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:e0:50:0f:83:b5:82:84:c1:95:6f:2c:bf:f7:79:d9:de:85:
         76:cf:9a:8f:0e:d8:c1:ac:4c:36:5b:c2:3f:e0:15:ea:de:29:
         91:68:fb:31:8e:6c:2d:46:d8:97:08:d8:8d:42:41:e5:70:ef:
         b3:e8:5e:9b:43:af:41:5f:a0:8a:59:f8:f1:10:41:e4:e4:e4:
         1c:c8:b1:d2:b3:b8:60:11:95:5c:f0:8b:b2:66:28:1d:1d:d5:
         e2:14:e4:ef:9e:fe:9a:b8:4d:55:83:60:7a:dc:a8:ba:e8:04:
         ff:d5:28:93:5c:de:30:a2:a1:06:a6:38:30:18:19:b6:01:20:
         48:4e:4c:a8:7f:bc:a9:4f:b6:0a:f3:fe:10:6d:30:20:11:3e:
         9b:6a:cf:95:e8:52:3d:da:34:1b:cf:35:04:03:d7:47:cd:4b:
         86:7b:46:a9:69:7b:a5:f7:43:80:63:a3:66:d9:17:36:c1:50:
         23:bb:d5:88:24:45:59:1c:e2:58:25:63:3f:44:36:71:57:3b:
         f5:d9:ce:63:71:df:ed:d6:82:d0:a2:dd:fc:3a:d7:9c:0d:56:
         cc:c8:27:62:f0:e4:92:e1:cf:78:9c:d7:5d:59:e4:2c:82:cd:
         5e:aa:4c:51:27:fa:8e:c8:0f:95:c7:ce:b0:83:29:cb:d4:be:
         d5:9d:d1:fb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAtkybinCRei6aVVtJ+UPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwMTAyMDIzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTQ5Yjk4NmM5YzQ3YTZhNTVkMjllZTY3MmRhNTFhMGQyMTZlYmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApclHIEB1/a0xVuBLPkxN6V/7qOzV
+Eel7/HIRaqWZ/zSj7uTannVK9JshW04C5WuhfQG5ba/XEmxPCPXxkYs2z42Mr66
QytCVr7OdF+D1xNI9gUMt0ZbzeKPeGMSi2+1PIKJNCRQnzM7b7QIiLnYj23UI/Ac
X+NiBQVpb3DtzbB4aJFN+bCGeUZlNFz04guUBR+ljFnQE/jFXICJ54ndbv4Cp2hy
B7ECV0thTD5t6KtGe962AM5te86cPMA+9Kkwkv0yGy2KC/o3la4ypiA0mhGWxpaL
rkYMLi9aVhKQmr80USAeiEv86xXczJpiCyV40swAmsJnfoj1VKxi78+F+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFClJuYbJxHpqVdKe5nLaUaDSFuv4MB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvS1VtNWhzbkVlbXBWMHA3bWN0cFJvTklXNl9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwCQxAwQA
woSWMA0GCSqGSIb3DQEBCwUAA4IBAQAd4FAPg7WChMGVbyy/93nZ3oV2z5qPDtjB
rEw2W8I/4BXq3imRaPsxjmwtRtiXCNiNQkHlcO+z6F6bQ69BX6CKWfjxEEHk5OQc
yLHSs7hgEZVc8IuyZigdHdXiFOTvnv6auE1Vg2B63Ki66AT/1SiTXN4woqEGpjgw
GBm2ASBITkyof7ypT7YK8/4QbTAgET6bas+V6FI92jQbzzUEA9dHzUuGe0apaXul
90OAY6Nm2Rc2wVAju9WIJEVZHOJYJWM/RDZxVzv12c5jcd/t1oLQot38OtecDVbM
yCdi8OSS4c94nNddWeQsgs1eqkxRJ/qOyA+Vx86wgynL1L7VndH7
-----END CERTIFICATE-----